Keywords
Crisis prevention, crisis simulation, crisis management, NIS2, cyber incident, cyber event
Summary
Janka Kreißl from the agency Dunkelblau talks about crisis prevention and crisis management in the face of cyber events. Tapping into her experience with many clients, she explains what smooth processes need and which stakeholders should be involved from the start.
Takeaways
IT incidents still outnumber OT incidents.
50% of all cases are cyber events, with ransomware taking the biggest share. The other 50% concern compliance and restructuring processes.
In some companies, crisis management processes are outdated; in others they are non-existent, particularly where cyber incidents are concerned.
Crisis management needs regular training because a) sometimes procedures sound logical on paper but don’t work in real life, and b) it must become second nature.
Crisis management is part of Business Continuity Management (BCM).
BCM needs to incorporate OT and consult the stakeholders who think and operate differently from IT.
Crisis management needs to involve key customers and suppliers from the start.
More and more companies want to be well prepared for cyber incidents so they don't panic when one happens.
Currently, about 20% of all companies that contact Dunkelblau ask for crisis prevention.
Crisis prevention is not only an IT topic; it’s a management topic.
Companies should network to share knowledge and experiences regarding crisis prevention and management.
A crisis simulation gives a good impression of what it's like to have to do without toilet breaks, smoke breaks, or lunch breaks.
Crisis prevention doesn’t need to be a large project but can be started in incremental steps.
It’s already worthwhile to build a small basis for crisis prevention and management before things go sideways.
Sound Bites
In the last weeks alone we were called in for ransomware events twice a week.
I worked three years on a cruise ship where we had weekly drills. Because of these I knew what to do when it actually burned one night at 3 in the morning.
The classic question we ask is: Who will be angry most and fastest?
Anything is better than nothing, and anything you've thought about before is like a straw to hold on to in a crisis.
Chapters
00:00 Introduction
01:12 What are recent reasons for crisis management in companies?
03:35 How can companies implement crisis prevention and management?
09:00 How important are legal regulations for implementing crisis management?
11:01 Who should be involved in crisis management?
12:20 What do companies go for more often: fire brigade or fire protection?
14:40
17:06 The impact of crisis simulation
18:02 How complex are crisis prevention and simulation projects?